stanlite a database engine for secure data processing at
play

STANlite a database engine for secure data processing at rack-scale - PowerPoint PPT Presentation

Jul 05, 2023 •18 likes •388 views

Institute of Operating Systems and Computer Networks STANlite a database engine for secure data processing at rack-scale level IEEE International Conference on Cloud Engineering (IC2E18) V. A. Sartakov, N. Weichbrodt, S. Krieter, T.

  1. Institute of Operating Systems and Computer Networks STANlite – a database engine for secure data processing at rack-scale level IEEE International Conference on Cloud Engineering (IC2E’18) V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza, April 20, 2018 This work was partly supported by the DFG under priority program SPP2037

  2. Design of STANlite Implementation of key components Evaluation Related works Conclusion Intro Data processing in cloud databases – commonly used practice Leakage of security sensitive information Compromising of data processing Mechanisms of prevention: Own trusted infrastructure Secure processors Homomorphic encryption V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 2 STANlite – a database engine for secure data processing at rack-scale level

  3. Design of STANlite Implementation of key components Evaluation Related works Conclusion Intro Data processing in cloud databases – commonly used practice Leakage of security sensitive information Compromising of data processing Mechanisms of prevention: Own trusted infrastructure Secure processors Homomorphic encryption Intel Software Guard eXtensions (SGX) Trusted execution in untrusted environments V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 2 STANlite – a database engine for secure data processing at rack-scale level

  4. Design of STANlite Implementation of key components Evaluation Related works Conclusion Trusted execution in untrusted environments TCB App. App. App. App. SGX Enclaves – new system entities: Operating Operating Located in User space System System Physical pages are encrypted Hypervisor Hypervisor Cannot be accessed by devices or software Hardware Hardware Without an enclave With an enclave Trusted Computing Base V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 3 STANlite – a database engine for secure data processing at rack-scale level

  5. Design of STANlite Implementation of key components Evaluation Related works Conclusion Trusted execution in untrusted environments TCB App. App. App. App. SGX Enclaves – new system entities: Operating Operating Located in User space System System Physical pages are encrypted Hypervisor Hypervisor Cannot be accessed by devices or software Hardware Hardware Without an enclave With an enclave Trusted Computing Base ⇒ Trusted execution on commodity hardware V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 3 STANlite – a database engine for secure data processing at rack-scale level

  6. Design of STANlite Implementation of key components Evaluation Related works Conclusion Programming of enclaves Challenges: Software should be self-contained and fully located inside an enclave No dependencies V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 4 STANlite – a database engine for secure data processing at rack-scale level

  7. Design of STANlite Implementation of key components Evaluation Related works Conclusion Programming of enclaves Challenges: Software should be self-contained and fully located inside an enclave No dependencies Some instructions are forbidden No System calls V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 4 STANlite – a database engine for secure data processing at rack-scale level

  8. Design of STANlite Implementation of key components Evaluation Related works Conclusion Programming of enclaves Challenges: Software should be self-contained and fully located inside an enclave No dependencies Some instructions are forbidden No System calls ECalls and OCalls – expensive switching mechanisms between trusted and untrusted modes At least in 50 times slower than a system call [1, 2] V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 4 STANlite – a database engine for secure data processing at rack-scale level

  9. Design of STANlite Implementation of key components Evaluation Related works Conclusion Programming of enclaves Challenges: Software should be self-contained and fully located inside an enclave No dependencies Some instructions are forbidden No System calls ECalls and OCalls – expensive switching mechanisms between trusted and untrusted modes At least in 50 times slower than a system call [1, 2] Paging V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 4 STANlite – a database engine for secure data processing at rack-scale level

  10. Design of STANlite Implementation of key components Evaluation Related works Conclusion Enclave Page Cache (EPC) limit memset speed ( MiB / sec ) 800 % 100 600 400 50 244.8 35 . 3 200 92 0 0 0 100 200 memset chunk size ( MiB ) V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 5 STANlite – a database engine for secure data processing at rack-scale level

  11. Design of STANlite Implementation of key components Evaluation Related works Conclusion EPC limit memset speed ( MiB / sec ) 800 % 100 ˜92 MiB are available 600 Heavyweight paging 400 Involves a kernel 50 244.8 Threads should exit 35 . 3 200 Encryption/decryption Integrity protection 92 0 0 0 100 200 memset chunk size ( MiB ) V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 5 STANlite – a database engine for secure data processing at rack-scale level

  12. Design of STANlite Implementation of key components Evaluation Related works Conclusion STANlite STANlite: a secure database for data processing in clouds Built on top of SGX Enclaves Processes large volumes of data without paging ECall-free high-performance communications over Remote Direct Memory Access (RDMA) V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 6 STANlite – a database engine for secure data processing at rack-scale level

  13. Design of STANlite Implementation of key components Evaluation Related works Conclusion Agenda Implementation of key components Evaluation Related works Conclusion V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 7 STANlite – a database engine for secure data processing at rack-scale level

  14. Design of STANlite Implementation of key components Evaluation Related works Conclusion STANlite Process virtual memory 0xff..f Enclaved software can access untrusted memory Evicted Pages The database can manage own pages Swap in and swap out on request Enclave 92MiB in size Heap Keep frequently used content inside Evict rarely used content in encrypted form Content Fix memory layout to prevent the heavyweight paging Database engine 0x0 ⇒ Special Virtual Memory Engine (VME) V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 8 STANlite – a database engine for secure data processing at rack-scale level

  15. Design of STANlite Implementation of key components Evaluation Related works Conclusion Architecture VME components: Warm Store Enclave Virtual Memory Engine Cold Store Cold Store Communication Layer Warm Store XX Client Least Recently Used list C5 encrypt XX write C4 SQL C3 Swapping: Engine C0 Client XX read decrypt C2 Encryption/Decryption C1 XX Hash sums for rollback attacks prevention V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 9 STANlite – a database engine for secure data processing at rack-scale level

  16. Design of STANlite Implementation of key components Evaluation Related works Conclusion Table of Contents Implementation of key components Evaluation Related works Conclusion V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 10 STANlite – a database engine for secure data processing at rack-scale level

  17. Design of STANlite Implementation of key components Evaluation Related works Conclusion The basis SQLite as SQL engine: Communication layer Low footprint Interface Read/Write semantic VME Integration: SQL command Core processor OS Interface STANlite Virtual Machine Disabled Pager Three VME modes B-Tree Backend Pager OS Interface VME V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 11 STANlite – a database engine for secure data processing at rack-scale level

  18. Design of STANlite Implementation of key components Evaluation Related works Conclusion VME mode: Integrity and Confidentiality ( Integrity) Enclave VME Cold Store C5 write C4 C4 encrypt C4 SQL C3 Engine C2 read C1 decrypt C1 C1 C0 V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 12 STANlite – a database engine for secure data processing at rack-scale level

  19. Design of STANlite Implementation of key components Evaluation Related works Conclusion VME mode: +Cache ( Caching ) Enclave VME Cold Store XX Warm Store XX write C4 C4 decrypt SQL C3 C5 Engine read C3 C2 C0 e n c C1 r y p t XX V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 13 STANlite – a database engine for secure data processing at rack-scale level

  20. Design of STANlite Implementation of key components Evaluation Related works Conclusion VME mode: +Fetch ( Fetching ) Enclave VME Cold Store XX Warm Store XX fetch C4 C4 SQL fetch C5 C3 C5 Engine fetch C1 C2 C0 X C1 decrypt C1 XX V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 14 STANlite – a database engine for secure data processing at rack-scale level

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Environmental Strategic Database Engine Environmental Strategic Database Engine

Environmental Strategic Database Engine Environmental Strategic Database Engine

Environmental Strategic Database Engine Environmental Strategic Database Engine 1 Concept of Environmental Strategic Database Strategic database for the environmental policy decision is composed of tables of technologies,

423 views • 31 slides
The DataPath System: A Data-Centric Analytic Processing Engine for Large Data Warehouses Subi

The DataPath System: A Data-Centric Analytic Processing Engine for Large Data Warehouses Subi

The DataPath System: A Data-Centric Analytic Processing Engine for Large Data Warehouses Subi Arumugam 1 ,Alin Dobra 1 ,Christopher M. Jermaine 2 , Niketan Pansare 2 ,Luis Perez 2 1 University of Florida, 2 Rice University June 9, 2010

541 views • 23 slides
Embedding SQL Engine to Your Application Iwo Panowicz Percona Whats an Embedded Database?

Embedding SQL Engine to Your Application Iwo Panowicz Percona Whats an Embedded Database?

Embedding SQL Engine to Your Application Iwo Panowicz Percona Whats an Embedded Database? A library embedded in the application, that implements methods to access and manipulate data. A database running on an embedded computer mostly

795 views • 53 slides
Apache Spark: A Unified Engine for Big Data Processing Presented by: Huanyi Chen Apache Spark:

Apache Spark: A Unified Engine for Big Data Processing Presented by: Huanyi Chen Apache Spark:

Apache Spark: A Unified Engine for Big Data Processing Presented by: Huanyi Chen Apache Spark: A Unified Engine for Big Data Processing Engine? Unified? Apache Spark: A Unified Engine for Big Data Processing PAGE 2 Apache Spark: A

499 views • 36 slides
Course Content Database Management Systems Introduction Database Design Theory

Course Content Database Management Systems Introduction Database Design Theory

Course Content Database Management Systems Introduction Database Design Theory Query Processing and Optimisation Winter 2003 Concurrency Control Data Base Recovery and Security CMPUT 391: Query Processing &

609 views • 21 slides
Making A Many-Colored Processing Engine: Signal Processing with Optical Filters Christi K. Madsen

Making A Many-Colored Processing Engine: Signal Processing with Optical Filters Christi K. Madsen

Making A Many-Colored Processing Engine: Signal Processing with Optical Filters Christi K. Madsen Texas A&M University cmadsen@ee.tamu.edu Outline: The Toolbox Optical filter theory & architectures The Engine Practical

705 views • 41 slides
STORM AND LOW-LATENCY PROCESSING www.inf.ed.ac.uk Low latency processing Similar to data

STORM AND LOW-LATENCY PROCESSING www.inf.ed.ac.uk Low latency processing Similar to data

STORM AND LOW-LATENCY PROCESSING www.inf.ed.ac.uk Low latency processing Similar to data stream processing, but with a twist Data is streaming into the system (from a database, or a network stream, or an HDFS file, or ) We want to

573 views • 31 slides
Achievements 2006-2010 FP6 period EuResist Integrated DataBase EuResist predictive engine

Achievements 2006-2010 FP6 period EuResist Integrated DataBase EuResist predictive engine

Achievements 2006-2010 FP6 period EuResist Integrated DataBase EuResist predictive engine Publications/workshops Post FP6 period - 2010 Not-profit organisation (GEIE) Inclusion of data from new scientific partners Data

641 views • 23 slides
Spreadsheet As a Relational Database Engine Jerzy Tyszkiewicz Institute of Informatics

Spreadsheet As a Relational Database Engine Jerzy Tyszkiewicz Institute of Informatics

Spreadsheet As a Relational Database Engine Jerzy Tyszkiewicz Institute of Informatics University of Warsaw In the beginning there was data Incomes firstname name income Les Brown 1 230,00 John Brown 1 090,00 Terry Jones

615 views • 18 slides
Why Your Encrypted Database Is Not Secure Paul Grubbs Tom Ristenpart Vitaly Shmatikov

Why Your Encrypted Database Is Not Secure Paul Grubbs Tom Ristenpart Vitaly Shmatikov

Why Your Encrypted Database Is Not Secure Paul Grubbs Tom Ristenpart Vitaly Shmatikov Outsourced Applications Today Server data data Encrypt the data! Encrypt the Data App functionality no App functionality no longer works :( longer

1.42k views • 58 slides
1 Alternative File Organizations Model for Analyzing Access Costs Many alternatives, each ideal

1 Alternative File Organizations Model for Analyzing Access Costs Many alternatives, each ideal

Database Management Systems Database Internals API/GUI (Simplification!) Query Optimizer Stats Physical plan Exec. Engine Logging, recovery Schemas Data/etc Requests Catalog Zachary Ives Index/file/rec Mgr CSE 594 Data/etc Requests

586 views • 12 slides
Database Management Course Content Systems Introduction Database Design Theory

Database Management Course Content Systems Introduction Database Design Theory

Database Management Course Content Systems Introduction Database Design Theory Query Processing and Optimisation Winter 2002 Concurrency Control Data Base Recovery and Security CMPUT 391: Spatial Data Management

364 views • 10 slides
The search engine you can see Connects people to information and services The search engine you

The search engine you can see Connects people to information and services The search engine you

The search engine you can see Connects people to information and services The search engine you cannot see Total data: ~1EB Processing data : ~100PB/day Total web pages: ~1000 Billion Web pages updated: ~10Billion/day requests: ~10Billion/day

329 views • 20 slides
Graph Analytics on Massively Parallel Processing Databases Frank McQuillan Feb 2017 MPP

Graph Analytics on Massively Parallel Processing Databases Frank McQuillan Feb 2017 MPP

Graph Analytics on Massively Parallel Processing Databases Frank McQuillan Feb 2017 MPP databases effective for graph analytics at scale in the enterprise 2 Database Engine Popularity http://db-engines.com/en/ranking 3 Graph Engine Trends

583 views • 46 slides
Transaction Processing in Distributed Database Systems Dr Janusz R. Getta School of Computing

Transaction Processing in Distributed Database Systems Dr Janusz R. Getta School of Computing

Transaction Processing in Distributed Database Systems file:///Users/jrg/235-2020-SPRING/SLIDES/WEEK07/16transactiondistributed/16transactiondistributed... CSCI235 Database Systems Transaction Processing in Distributed Database Systems Dr

998 views • 24 slides
1 One of the main selling points of a database engine is the ability to make declarative

1 One of the main selling points of a database engine is the ability to make declarative

1 One of the main selling points of a database engine is the ability to make declarative queries---like SQL---that specify what should be done while leaving the engine to choose the best way of fulfilling the request. Today we will look at XPath,

785 views • 27 slides
Kate Keahey Mathematics and CS Division, Argonne National Laboratory CASE, University of Chicago

Kate Keahey Mathematics and CS Division, Argonne National Laboratory CASE, University of Chicago

www. chameleoncloud.org CHAMELEON: CLOUD ON CLOUD Kate Keahey Mathematics and CS Division, Argonne National Laboratory CASE, University of Chicago keahey@anl.gov May 29, 2019 NSF MERIF Workshop CHAMELEON IN A NUTSHELL We like to change:

571 views • 23 slides
MRG - AMQP trading system in a rack Carl Trieloff Senior Consulting Software Engineer/ Director

MRG - AMQP trading system in a rack Carl Trieloff Senior Consulting Software Engineer/ Director

MRG - AMQP trading system in a rack Carl Trieloff Senior Consulting Software Engineer/ Director MRG Red Hat, Inc. Trading system in a rack... We will cover a generic use case of a trading system in a rack, showing a few common patterns that

383 views • 12 slides
Fault Domains in Mesos Vinod Kone (vinodkone@apache.org) About me Apache Mesos PMC and

Fault Domains in Mesos Vinod Kone (vinodkone@apache.org) About me Apache Mesos PMC and

Fault Domains in Mesos Vinod Kone (vinodkone@apache.org) About me Apache Mesos PMC and Committer Engineering Manager for Mesos team @ Mesosphere Previously Tech Lead for Mesos team @ Twitter PhD in Computer Science @

429 views • 24 slides
Equipment Configuration Objective At the end of the module you will be able to prepare ISAM

Equipment Configuration Objective At the end of the module you will be able to prepare ISAM

Equipment Configuration Objective At the end of the module you will be able to prepare ISAM for the services in terms of equipment configuration LTs NT-B and NT-I/O cards NT-B and NT-I/O cards Remote Modules like REM,

443 views • 18 slides
Agenda 1. More on multilevel R formulas 2. Generalized Multilevel Models 3. GMLM in R 1 More

Agenda 1. More on multilevel R formulas 2. Generalized Multilevel Models 3. GMLM in R 1 More

Agenda 1. More on multilevel R formulas 2. Generalized Multilevel Models 3. GMLM in R 1 More on multilevel R formulas 2 Building a two-level model <latexit

620 views • 22 slides
JUST THE MATHS SLIDES NUMBER 1.3 ALGEBRA 3 (Indices and radicals (or surds)) by

JUST THE MATHS SLIDES NUMBER 1.3 ALGEBRA 3 (Indices and radicals (or surds)) by

JUST THE MATHS SLIDES NUMBER 1.3 ALGEBRA 3 (Indices and radicals (or surds)) by A.J.Hobson 1.3.1 Indices 1.3.2 Radicals (or Surds) UNIT 1.3 - ALGEBRA 3 INDICES AND RADICALS (or Surds) 1.3.1 INDICES (a) Positive Integer Indices Let

663 views • 8 slides
Radicals MCR3U: Functions A radical , also called a root , is typically represented using the

Radicals MCR3U: Functions A radical , also called a root , is typically represented using the

f u n c t i o n s f u n c t i o n s Radicals MCR3U: Functions A radical , also called a root , is typically represented using the x . form n The argument x is called the radicand , while n is called the index . 3 For example, the

632 views • 3 slides
8th Grade Equations with Roots and Radicals 2015-12-17 www.njctl.org Slide 3 / 87 Slide 4 / 87

8th Grade Equations with Roots and Radicals 2015-12-17 www.njctl.org Slide 3 / 87 Slide 4 / 87

Slide 1 / 87 Slide 2 / 87 8th Grade Equations with Roots and Radicals 2015-12-17 www.njctl.org Slide 3 / 87 Slide 4 / 87 Table of Contents Click on topic to go to that section. Radical Expressions Containing Variables Simplifying

509 views • 15 slides

More recommend